vjw0rm | 09a9a4e6ec5014cdee9a0ab82e104e633010f83c111f2c61334e95b63bbe2705 | Triage

Sharing

General

Target

JaffaCakes118_09a9a4e6ec5014cdee9a0ab82e104e633010f83c111f2c61334e95b63bbe2705
Size

21KB
Sample

241229-k47sraxrdz
MD5

579bc51639090a981b238e214f57f34c
SHA1

a2a01f8e4cc50fddac70e3240a017c8308614cdb
SHA256

09a9a4e6ec5014cdee9a0ab82e104e633010f83c111f2c61334e95b63bbe2705
SHA512

40b70c5d6e5cc992f719d00e526ead45fc93b6a3bb9ceccbb99aaaea22daf43b50cd5c01858d00a02a245075fa65e43e02f5b7843e202967ef64f473f7defc77
SSDEEP

384:Nu6qW8DXPtdgifKHwH9y2i3dKtICtBuqsmFihkQS7SHjS0DewWx5h7qQLHAC5:QY0XlxiQHli3deHXuBmhujS0RWx5BjAq

Score

10^/10

vjw0rm execution trojan worm

Malware Config

Targets

- Target
  
  QN8D6TLS2M.js
- Size
  
  15KB
- MD5
  
  2646e1d3ec6e562664d26c4bdb7c24d2
- SHA1
  
  c74d57ad70ca370ba2120040259baa1ffd8497d8
- SHA256
  
  979cd70b68c5b31a5c9c4cb15051a9b659aaac22f6cca976c5a76c6370b2ec57
- SHA512
  
  6ee627863528f5707549961eb38db71e6896cf3231c7be7c1847b449572e61387c83307733331c0b55e9533340c056709d6c68b4ad5d2dcb4581c9041100676d
- SSDEEP
  
  384:VmZ7rQNw/n3ZJndzmXbXcKc/tzxUspxQKhZLSq01wlLd:VmZrQ6R7zmS/FxNDvLSq0SlLd
Score

10^/10

vjw0rm execution trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Drops startup file
behavioral1 behavioral2
- Target
  
  jef.js
- Size
  
  6KB
- MD5
  
  17e089c3ef4f085b1bfad8c1b4361487
- SHA1
  
  3e6807462f66acb266cb726f3a69a01848242bdc
- SHA256
  
  f1541619d13f07d33fef8c8aca2415661482751e0095f235ac9d0c5de3d71ca3
- SHA512
  
  39eaa8931a473444db641a28d20aa2cebde4678c3274efdf4ec8bbcb00005f29d905161521edcbcaa7c0e1f690fdb8ce54bdbd95e1869f45f8864b25a6a93f49
- SSDEEP
  
  192:n8+1Wv91fDDXz2sRiPuq/JnlbiMlhEs9hnBEqbam1n:8+wvzDXzYn/pluihEkhBluml
Score

10^/10

vjw0rm execution trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Drops startup file
behavioral3 behavioral4
- Target
  
  sk.js
- Size
  
  6KB
- MD5
  
  d354464eb14c4d99c190cb2acfdfc49e
- SHA1
  
  26e10a51ea212932e7ed7f2e73dcbd8e40e9656f
- SHA256
  
  1b6515d5d9a1eda84fa8446b67136a38f135202390eb48b0f2457653a75f6409
- SHA512
  
  0a713147809d77d0751afc5c14d1c0679f576422ca96fe03fbe38bdefd31013e7e24edd093ee0f941722bf6a51a4519237613d0cfeaec213c91a170052d40fa6
- SSDEEP
  
  96:FlG93tXh8lZrFOkai8ayo9n/TPHUAl0kxOB/+Z3DfiDYwyPA:qxtXh8lVpaiHz/hxNZ3DfwyPA
Score

10^/10

vjw0rm execution trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Vjw0rm family
  vjw0rm
- Drops startup file
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vjw0rmexecutiontrojanworm

behavioral2

vjw0rmexecutiontrojanworm

behavioral3

vjw0rmexecutiontrojanworm

behavioral4

vjw0rmexecutiontrojanworm

behavioral5

vjw0rmexecutiontrojanworm

behavioral6

vjw0rmexecutiontrojanworm